podsecuritypolicy

package
v1.3.2
Warning

This package is not in the latest version of its module.

Published: Jan 7, 2017 License: Apache-2.0 Imports: 10 Imported by: 0

Documentation


Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type Provider

type Provider interface {
	// Create a PodSecurityContext based on the given constraints.
	CreatePodSecurityContext(pod *api.Pod) (*api.PodSecurityContext, error)
	// Create a container SecurityContext based on the given constraints
	CreateContainerSecurityContext(pod *api.Pod, container *api.Container) (*api.SecurityContext, error)
	// Ensure a pod's SecurityContext is in compliance with the given constraints.
	ValidatePodSecurityContext(pod *api.Pod, fldPath *field.Path) field.ErrorList
	// Ensure a container's SecurityContext is in compliance with the given constraints
	ValidateContainerSecurityContext(pod *api.Pod, container *api.Container, fldPath *field.Path) field.ErrorList
	// Get the name of the PSP that this provider was initialized with.
	GetPSPName() string
}

Provider provides the implementation to generate a new security context based on constraints or validate an existing security context against constraints.

func NewSimpleProvider

func NewSimpleProvider(psp *extensions.PodSecurityPolicy, namespace string, strategyFactory StrategyFactory) (Provider, error)

NewSimpleProvider creates a new Provider instance.

type ProviderStrategies

type ProviderStrategies struct {
	RunAsUserStrategy         user.RunAsUserStrategy
	SELinuxStrategy           selinux.SELinuxStrategy
	FSGroupStrategy           group.GroupStrategy
	SupplementalGroupStrategy group.GroupStrategy
	CapabilitiesStrategy      capabilities.CapabilitiesStrategy
}

ProviderStrategies is a holder for all strategies that the provider requires to be populated.

type StrategyFactory

type StrategyFactory interface {
	// CreateStrategies creates the strategies that a provider will use.  The namespace argument
	// should be the namespace of the object being checked (the pod's namespace).
	CreateStrategies(psp *extensions.PodSecurityPolicy, namespace string) (*ProviderStrategies, error)
}

StrategyFactory abstracts how the strategies are created from the provider so that you may implement your own custom strategies that may pull information from other resources as necessary. For example, if you would like to populate the strategies with values from namespace annotations you may create a factory with a client that can pull the namespace and populate the appropriate values.

func NewSimpleStrategyFactory

func NewSimpleStrategyFactory() StrategyFactory
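
An added example, not code from this package: a self-contained sketch of the annotation-driven factory idea described for StrategyFactory above, using simplified stand-in types instead of the real Kubernetes ones. The names NamespaceStore, UIDRange and AnnotationFactory, the example.com/uid-range annotation key, and the fail-closed rules are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"strconv"
	"strings"
)

// Hypothetical annotation key holding the allowed UID range as "min-max".
const uidRangeAnnotation = "example.com/uid-range"

// NamespaceStore stands in for a client that returns namespace annotations.
type NamespaceStore map[string]map[string]string

// UIDRange is a simplified stand-in for a RunAsUser strategy.
type UIDRange struct{ Min, Max int64 }

// Validate fails closed: an unset UID is rejected along with out-of-range ones.
func (r UIDRange) Validate(runAsUser *int64) error {
	if runAsUser != nil && *runAsUser >= r.Min && *runAsUser <= r.Max {
		return nil
	}
	return fmt.Errorf("runAsUser must be set within %d-%d", r.Min, r.Max)
}

// AnnotationFactory mirrors the CreateStrategies shape with stand-in types.
type AnnotationFactory struct{ Namespaces NamespaceStore }

// CreateStrategies reads the range from the pod's namespace and refuses unknown
// namespaces, malformed values, and ranges that would admit UID 0.
func (f AnnotationFactory) CreateStrategies(namespace string) (*UIDRange, error) {
	ann, found := f.Namespaces[namespace]
	loStr, hiStr, ok := strings.Cut(ann[uidRangeAnnotation], "-")
	lo, errLo := strconv.ParseInt(loStr, 10, 64)
	hi, errHi := strconv.ParseInt(hiStr, 10, 64)
	if !found || !ok || errLo != nil || errHi != nil || lo < 1 || hi < lo {
		return nil, fmt.Errorf("namespace %q: no usable %s", namespace, uidRangeAnnotation)
	}
	return &UIDRange{Min: lo, Max: hi}, nil
}

// constructed is sample data built for this example, not real cluster state.
var constructed = NamespaceStore{
	"team-a":     {uidRangeAnnotation: "1000-1999"},
	"unlabelled": {},
	"broken":     {uidRangeAnnotation: "0-65535"},
}

func main() {
	fmt.Println(AnnotationFactory{Namespaces: constructed}.CreateStrategies("team-a"))
}
```
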
